The opinion in support of the decision being entered today was not written for 
publication and is not binding precedent of the Board. 
Appeal No. 2006-2189
Application No. 09/843,403

ON BRIEF

DECISION ON APPEAL

This is a decision on appeal from the final rejection of claims 1, 2, 4-6, 8-15, 17, 18,
and 20-25.

The invention is directed to an access control system for use in a data transfer system
which transfers data by means of public-key cryptosystem based on a public key certificate
issued to an authentication object by a public key issuer authority.

Representative independent claim 1 is reproduced as follows:

1. An access control system for use in a data transfer system which transfers data by
means of public-key cryptosystem based on a public key certificate issued to an
authentication object by a public key issuer authority, the access control system comprising:

a service provider which is an authentication object and which provides services; 

a service receiving device which also is an authentication object and which receives 
services provided by the service provider; and 

an access control server which issues to the service receiving device an access 
permission which identifies a service provider an access to which by the service receiving 
device is permitted; 

a system holder which is an organization that provides or controls contents usable by 
a user terminal, contents which enables provision of services, or a service distribution 
infrastructure; 

wherein the service provider performs, based on the access permission, a decision as 
to whether an access request by the service receiving device is to be permitted; and 

the system holder is configured to administrate the service provider and the service 
receiving device and to treat the service provider and the service receiving device as 
authentication objects and generates the access permissions in a form independently usable 
for the service provider. 

The examiner relies on the following references: 

Misra et al. (Misra) 5,757,920 May 26, 1998 

Doyle et al. (Doyle) 6,128,738 Oct. 03, 2000 

Claims 1, 2, 4-6, 8-13, 15, 17, 18, and 20-24 stand rejected under 35 U.S.C. § 102(e)
as anticipated by Doyle.

Claims 14 and 25 stand rejected under 35 U.S.C. § 103 as unpatentable over Doyle in
view of Misra.

Reference is made to the brief and answer for the respective positions of appellants 
and the examiner. 

OPINION

At the outset, we note that in accordance with appellants' statement, at page 3 of the 
brief, all claims will stand or fall together. Accordingly, we will focus on independent claim 
1. 

The examiner applies Doyle to claim 1 at pages 3-4 of the answer, to which we refer 
for the examiner's reasoning. 

Appellants argue only that Doyle does not disclose or suggest generation of the access 
permissions in a form independently usable for the service provider, as in the last lines of 
independent claims 1 and 15. Appellants contend that while Doyle requires distinct 
configuration and authentication for each host application, the instant claimed invention does 
not. 

Appellants explain that in Doyle, when the host receives information about a selected 
host application, the host application provides the information and a bind request 307 is sent 
from the host to the client. The client responds with a bind response 309 and the host 
application then sends a request to the client for its certificate 311. The client's response is to 
create a security packet and to send the security packet to the host 313 for authentication.
The host application then forwards the client's certificate to a host access control 315. Once 
authenticated, the host access control returns a response to the host application 317. At that 
point, logon is complete and application data begins to flow 319 between the client and the 
host application (brief-pages 5-6, citing column 5, line 67, through column 6, line 14, of 
Doyle). Therefore, appellants conclude that Doyle requires both the client and the host 
application to store and administrate various kinds of data for authentication, increasing the
load on each device. 

The examiner responds by arguing that the claim limitation of "generation of the 
access permissions in a form independently usable for the service provider" may be 
interpreted broadly, yet reasonably, so that Doyle anticipates. In particular, the examiner 
contends that Doyle's gateway system generates the certificate and signature in response to a 
request by a user for certification information and the certification information is 
authenticated at the host system in order to grant the requesting user access to the desired 
applications. It is the examiner's position that this certification information meets the 
limitation of the claimed access permissions, and that because the gateway system generates 
the certification information for the host computer to authenticate the user's application 
request, the certification information is generated in a form independently usable by the host 
computer (answer-page 7). Moreover, the examiner contends that since the host computer is 
the only party in the system of Doyle capable of authenticating the user's request based on the 
certification information, this meets the instant claim language regarding "independently 
usable for the service provider." 

Since the outcome of this case depends on whether the examiner's broad 
interpretation of the phrase, "generates the access permissions in a form independently usable 
for the service provider" is warranted, it would be helpful to determine what, exactly, 
appellants intended by that language. Page 9, lines 17-20, and page 10, lines 16-18, of the 
instant specification, referenced by appellants at page 3 of the brief for an understanding of 
that claim language, provide very little help in that the cited portions of the specification use
exactly the claim language with no further explanation as to what constitutes a form 
"independently usable for the service provider." 

We find the examiner's explanation to be reasonable. That is, since the gateway 
system of Doyle generates the certification information for the host computer to authenticate 
the user's application request, the certification information is generated in a form 
"independently usable by the host computer," i.e., the host computer is the only party to use 
the certification information to authenticate the user's request. Therefore, the access 
permissions are generated in a form independently usable by the service provider (host). We 
realize that the claim language recites "independently usable for the service provider" and not 
"independently usable by the service provider," as postulated in the examiner's analysis, but 
we find no distinction in this language which would nullify the examiner's analysis. 

Accordingly, we will sustain the rejection of claims 1, 2, 4-6, 8-13, 15, 17, 18, and 
20-24 under 35 U.S.C. § 102 (e) and, since the rejection under 35 U.S.C. § 103 over Doyle 
and Misra is not separately argued, we will also sustain this rejection. 

The examiner's decision is affirmed. 

No time period for taking any subsequent action in connection with this appeal may
be extended under 37 CFR § 1.136(a)(1)(iv) (2004).

AFFIRMED

ERROL A. KRASS
Administrative Patent Judge

BOARD OF PATENT APPEALS AND INTERFERENCES

Administrative Patent Judge

Administrative Patent Judge

EK/rwk

SONNENSCHEIN NATH & ROSENTHAL LLP
P.O. BOX 061080
WACKER DRIVE STATION, SEARS TOWER
CHICAGO, IL 60606-1080